WordPress · OceanWP WordPress Theme · CVE-2025-8944
**Name of the Vulnerable Software and Affected Versions**
OceanWP WordPress theme versions prior to 4.1.2
**Description**
The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even one with limited privileges such as a subscriber, to modify the `darkMod` setting.
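The class of check this description refers to, shown as an added example rather than OceanWP's own code: a WordPress AJAX handler that verifies a nonce and the caller's capability before writing an option. The function, action, nonce, request field and option names are hypothetical, and the choice of `edit_theme_options` as the required capability is an assumption. The code runs inside WordPress as part of a theme or plugin.

```php
<?php
// Hypothetical theme code: every example_theme_* name, the 'nonce' and
// 'enabled' request fields, and the stored option key are illustrative
// assumptions, not OceanWP's real identifiers.

// wp_ajax_{action} fires for every logged-in user, subscribers included,
// so registering the hook is not an authorization check by itself.
add_action( 'wp_ajax_example_theme_dark_mode', 'example_theme_save_dark_mode' );

function example_theme_save_dark_mode() {
    // 1. Request origin: verify the nonce sent in the 'nonce' field.
    //    Passing false as the third argument makes the function return
    //    false on failure so the handler can answer with a JSON error.
    if ( ! check_ajax_referer( 'example_theme_dark_mode', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization: the step whose absence lets a subscriber change
    //    the setting. A nonce alone does not prove the caller is allowed
    //    to modify theme options. (Capability chosen here is an assumption.)
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: accept a boolean only, never a raw request value.
    $enabled = isset( $_POST['enabled'] )
        && filter_var( wp_unslash( $_POST['enabled'] ), FILTER_VALIDATE_BOOLEAN );

    // 4. Write a fixed option key chosen by the code, not by the request.
    update_option( 'example_theme_dark_mode', $enabled ? 'on' : 'off' );

    wp_send_json_success( array( 'dark_mode' => $enabled ) );
}
```

`wp_send_json_error()` and `wp_send_json_success()` end the request after sending the response, so neither rejected path reaches `update_option()`.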
**Recommendations**
Update the OceanWP WordPress theme to version 4.1.2 or later.